Differences

This shows you the differences between two versions of the page.

devel:documentation:application_configuration:dev:backend [2020/09/08 12:06]
tomiskar [Entity events]
devel:documentation:application_configuration:dev:backend [2021/05/05 09:08]
tomiskar [Application/ Server]
Line 60: Line 60:
 # Public properties - available for frontend without authentication (show information about app, decorators etc.). # Public properties - available for frontend without authentication (show information about app, decorators etc.).
 # #
-# Application stage - development, test, production+# Application stage - development, test, production.
 idm.pub.app.stage= idm.pub.app.stage=
 # Application instance / server id - is used for scheduler etc. # Application instance / server id - is used for scheduler etc.
-Should be defined in property file only+Can be defined in property file only! Overidding via ConfigurationService is not possible for application instance (~ more instanceos on the same database)
 idm.pub.app.instanceId=idm-primary idm.pub.app.instanceId=idm-primary
 # global date format on BE. Used in notification templates, logs, etc. FE uses localization key 'core:format.date'. # global date format on BE. Used in notification templates, logs, etc. FE uses localization key 'core:format.date'.
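Review bot: the rewritten instanceId comment (the line starting "Can be defined in property file only!") has two typos, "Overidding" and "instanceos", and as rendered here it carries no leading `#`, so if that is what the properties file contains, a Java properties parser reads the whole sentence as a key rather than a comment. Suggest "# Can be defined in the property file only. Overriding via ConfigurationService is not possible for the application instance (multiple instances share the same database)." The restriction itself deserves to stay prominent: several instances can share one database, so an instance id that could be changed at runtime through the shared configuration would no longer identify a single server, and keeping it in the per-server profile is the right design.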
Line 71: Line 71:
 # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application 'idm.pub.app.stage' is set to 'development'. # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application 'idm.pub.app.stage' is set to 'development'.
 idm.pub.app.show.id= idm.pub.app.show.id=
-# Show transaction identifiers (uuid) in frontend application +# Show transaction identifiers (uuid) in frontend application.
 idm.pub.app.show.transactionId=false idm.pub.app.show.transactionId=false
-# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select).
 idm.pub.app.show.environment=true idm.pub.app.show.environment=true
-# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select).
 idm.pub.app.show.role.baseCode=true idm.pub.app.show.role.baseCode=true
 +# Number of items (pagination) in role catalogue tree in root level. Used on role select and agenda.
 +idm.pub.app.show.roleCatalogue.tree.pagination.root.size=25
 +# Number of items (pagination) in role catalogue tree in other levels. Used on role select and agenda.
 +idm.pub.app.show.roleCatalogue.tree.pagination.node.size=25
 +# Number of items (pagination) in tree node structure in root level.
 +idm.pub.app.show.treeNode.tree.pagination.root.size=50
 +# Number of items (pagination) in tree node structure in other levels.
 +idm.pub.app.show.treeNode.tree.pagination.node.size=50
 # Available size options for tables in frontend application # Available size options for tables in frontend application
 idm.pub.app.show.sizeOptions=10, 25, 50, 100 idm.pub.app.show.sizeOptions=10, 25, 50, 100
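Review bot: the four new `pagination.*.size` properties do not say which values are accepted or what happens with 0, a negative number or a non-numeric value (fallback to the default shown, or startup failure); please add that to the comments. Minor style point: the new comments end with a full stop while the neighbouring `sizeOptions` comment does not; pick one convention for the block.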
Line 87: Line 95:
 # Number of selected record is shown in drop down select header. # Number of selected record is shown in drop down select header.
 idm.pub.app.show.table.quickButton.menuIncluded=true idm.pub.app.show.table.quickButton.menuIncluded=true
-show default form for newly created user  +Show default form for newly created user. 
-default form can be disabled => at least one configured form projection is needed+Default form can be disabled => at least one configured form projection is needed.
 idm.pub.app.show.identity.formProjection.default=true idm.pub.app.show.identity.formProjection.default=true
 +# Rendered column in identity table agenda. Comma is used as separator. Order of rendered columns is preserved as configured.
 +# Available columns:
 +# - username - username with link to detail
 +# - entityinfo - identity info card
 +# - lastName
 +# - firstName
 +# - externalCode - personal number
 +# - email
 +# - state
 +# - passwordexpiration - information about identity password epiration
 +# - description
 +# Note: Table in identity agenda can be configured with this property (common identity table with columns is not specified on FE).
 +# If you want to configure rendered columns for all tables generalized from identity table (e.g. on role or tree node detail), 
 +# you can use FE configuration https://wiki.czechidm.com/devel/documentation/application_configuration/dev/frontend
 +idm.pub.app.show.identity.table.columns=username, lastName, firstName, externalCode, email, state, description
 # If is true, then role-request description will be show on the detail. # If is true, then role-request description will be show on the detail.
 # Description will hidden if this property will be false and role request # Description will hidden if this property will be false and role request
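Review bot: "epiration" in the `passwordexpiration` column description should be "expiration", and "Rendered column" should be "Rendered columns". The two rewritten lines "Show default form for newly created user." and "Default form can be disabled => ..." appear here without a leading `#`, which in a properties file turns them into keys instead of comments. Since `idm.pub.app.show.identity.table.columns` is a free-form comma separated string, the column list should also state how an unrecognised column name is handled (ignored, or the table fails to render).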
Line 97: Line 120:
 # Private properties - used on backend only. # Private properties - used on backend only.
 # #
-create demo data at application start+Create demo data at application start.
 idm.sec.core.demo.data.enabled=true idm.sec.core.demo.data.enabled=true
-demo data was created - prevent to create demo data duplicitly+Demo data was created - prevent to create demo data duplicitly.
 idm.sec.core.demo.data.created=false idm.sec.core.demo.data.created=false
 # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates.
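Review bot: the two rewritten demo-data comments ("Create demo data at application start." and "Demo data was created - prevent to create demo data duplicitly.") are shown without the `#` prefix, and "duplicitly" should be "twice"; the unchanged context line below still has "pruct" for "product". Because the example shows `idm.sec.core.demo.data.enabled=true`, the comment should say explicitly that demo data is meant for development and must be disabled in a production profile; otherwise a copied example seeds a live database with demo records at the next application start.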
Line 105: Line 128:
 idm.sec.core.init.data.enabled=true idm.sec.core.init.data.enabled=true
 </code> </code>
 +
 +=== Change server for asynchronous processing (switch application instance) ==
 +
 +@since 11.1.0
 +
 +Application instance (server) is used for asynchronus processing - for scheduled tasks, asynchronous long running tasks and events.
 +Instance identifier can be defined in the application profile (application.properties) by property ''idm.pub.app.instanceId''.
 +When we want to schedule and process asynchronous tasks and event on other instace (or when one instance shutdown), then we can switch processing by provided bulk action ''Change server for asynchronous processing'' in configuration agenda:
 +
 +{{ :devel:documentation:application_configuration:dev:switch-instance-bulk-action.png |}}
 +
 +Previous and new instance identifier is required as input parameters. All scheduled tasks and all created (~ not processed) asynchronous long running tasks and events will be moved from previous to new instance and will be processed on new instance (server).
 +
  
 ==== Jpa === ==== Jpa ===
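Review bot: the new heading "=== Change server for asynchronous processing (switch application instance) ==" is unbalanced (three `=` on the left, two on the right), so DokuWiki will not render it at the intended level; make both sides match. Typos in the paragraph: "asynchronus", "instace", "event" for "events", and "when one instance shutdown" should be "when one instance shuts down". Since the bulk action redirects all scheduled tasks and queued events to another server, the section should also name the authority required to run it and point to the `stopProcessing` properties added further down in this same change, which are the documented way to pause processing while the switch is carried out.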
Line 173: Line 209:
 <springProperty name="spring.datasource.jndi-name" source="spring.datasource.jndi-name"/> <springProperty name="spring.datasource.jndi-name" source="spring.datasource.jndi-name"/>
        
-<appender name="DB" class="ch.qos.logback.classic.db.DBAppender">+<appender name="DB" class="eu.bcvsolutions.idm.core.exception.IdmDbAppender">
  <connectionSource class="ch.qos.logback.core.db.JNDIConnectionSource">  <connectionSource class="ch.qos.logback.core.db.JNDIConnectionSource">
  <!-- please note the "java:comp/env/" prefix -->  <!-- please note the "java:comp/env/" prefix -->
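Review bot: the appender class swap from `ch.qos.logback.classic.db.DBAppender` to `eu.bcvsolutions.idm.core.exception.IdmDbAppender` is not explained anywhere in the surrounding text; add a sentence on why the project-specific appender replaces the stock Logback one and whether the `JNDIConnectionSource` block and the logging tables stay the same, so readers upgrading an existing logback configuration know the old class is no longer the expected one. The class living in an `exception` package is also worth a word, as the name suggests it is tied to exception logging specifically.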
Line 445: Line 481:
 # Thread priority for threads in event executor pool - 5 by default (normal). # Thread priority for threads in event executor pool - 5 by default (normal).
 scheduler.task.executor.threadPriority= scheduler.task.executor.threadPriority=
 +# Asynchronous task processing is stopped.
 +# Asynchronous task processing is stopped, when instance for processing is switched => prevent to process asynchronous task in the meantime.
 +# Asynchronous task processing can be stopped for testing or debugging purposes.
 +# Asynchronous task are still created in queue, but they are not processed automatically - task can be executed manually from ui.
 +idm.sec.core.scheduler.task.asynchronous.stopProcessing=false
 # Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue.  # Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue. 
 # Events are processed in batch configured by property 'idm.sec.core.event.asynchronous.batchSize'. If you events are processed quickly (~provisioning on your environment is quick), then batch size can be higher or this property can be lower. # Events are processed in batch configured by property 'idm.sec.core.event.asynchronous.batchSize'. If you events are processed quickly (~provisioning on your environment is quick), then batch size can be higher or this property can be lower.
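Review bot: the first comment line of the new `idm.sec.core.scheduler.task.asynchronous.stopProcessing` block, "# Asynchronous task processing is stopped.", reads as a statement of fact right above a value of `false`; rephrase as "Stop asynchronous task processing (true/false)". Also "Asynchronous task are still created" should be "tasks", and "from ui" should be "from UI". The comment usefully states that tasks keep queueing and can be run manually; say whether manual execution is also blocked while the flag is true, since the stated purpose is to prevent processing during an instance switch.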
Line 582: Line 623:
 # disable / enable asynchronous event processing. Events will be executed synchronously, if it's disabled. Enabled by default. # disable / enable asynchronous event processing. Events will be executed synchronously, if it's disabled. Enabled by default.
 idm.sec.core.event.asynchronous.enabled=true idm.sec.core.event.asynchronous.enabled=true
 +# Asynchronous event processing is stopped.
 +# Event processing is stopped, when instance for processing is switched => prevent to process instances in the meantime.
 +# Asynchronous event processing can be disabled for testing or debugging purposes.
 +# Events are still created in queue, but they are not processed.
 +idm.sec.core.event.asynchronous.stopProcessing=false
 # Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService#getInstanceId()} (current server instance). # Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService#getInstanceId()} (current server instance).
 idm.sec.core.event.asynchronous.instanceId= idm.sec.core.event.asynchronous.instanceId=
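Review bot: in the new `idm.sec.core.event.asynchronous.stopProcessing` block, "prevent to process instances in the meantime" should be "prevent to process events in the meantime" (compare the parallel scheduler comment in this same change, which speaks of tasks), and "can be disabled" should be "can be stopped" to keep the wording distinct from the `asynchronous.enabled` property just above, which switches to synchronous execution rather than pausing. The scheduler counterpart notes that queued items can be executed manually from the UI; state whether the same applies to queued events.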
Line 608: Line 654:
  
 ==== Bulk actions ==== ==== Bulk actions ====
 +
 +@since 10.6.0
  
 In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. In the application profile (''application.properties'') - overloadable via ''ConfigurationService''.
Line 618: Line 666:
  
 Common configuration properties for all bulk actions: Common configuration properties for all bulk actions:
-  * ''enabled'' - true / false  +  * ''enabled''**true** / false. 
-  * ''order'' - bulk action order (for FE only) +  * ''order'' - bulk action order (for FE only). Action provided default order in implementation. 
-  * ''icon'' - Icon on frontend (for FE only). Icon libraries can be used: ''component:'', ''fa:'', ''glyph:''.  +  * ''icon'' - Icon on frontend (for FE only). Icon libraries can be used: ''component:'', ''fa:'', ''glyph:''. Icon is loaded from FE locale by default
-  * ''level'' - bulk action level ~ button and icon color (for FE only). Available [[https://github.com/bcvsolutions/CzechIdMng/blob/develop/Realization/backend/core/core-api/src/main/java/eu/bcvsolutions/idm/core/notification/api/domain/NotificationLevel.java|options]]+  * ''level'' - bulk action level ~ button and icon color (for FE only). Available options''success'' (default value), ''info'', ''warning'', ''error''
-  * ''deleteAction'' - true / false - Action deletes records (for FE only). Action will be in bottom menu section, is action is included in menu. +  * ''deleteAction'' - true / **false** - Action deletes records (for FE only). Action will be in bottom menu section, is action is included in menu.  
-  * ''quickButton'' - true / false - Render action as quick button (for FE only). The first available actions are rendered as buttons, if icon is defined. This configuration enforces rendering action as quick button (order is ignored).+  * ''quickButton'' - true / **false** - Render action as quick button (for FE only). The first available actions are rendered as buttons, if icon is defined. This configuration enforces rendering action as quick button (order is ignored)
 +  * ''quickButtonable'' - **true** / false - Action can be included in quick buttons on FE. Set to **false**, when button should be not rendered => action will be rendendered in drop down menu only.
  
  
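Review bot: two items in the rewritten list lost their separators: "''enabled''**true** / false." needs " - " between name and values, and "Available options''success''" needs a colon or dash before the option list. Further: "rendendered" should be "rendered", "should be not rendered" should be "should not be rendered", "is action is included in menu" should be "if action is included in menu", and the `icon` item lacks a final full stop. Bold is now used to mark defaults, which is helpful; apply it to `order` and `icon` as well, or state that they have none.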
Line 656: Line 705:
 # Default main WF for approve all roles. # Default main WF for approve all roles.
 idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions
 +</code>
 +
 +==== Universal requests =====
 +<code properties>
 +## Universal requests
 +# Role
 +idm.pub.core.request.idm-role.enabled=false
 +# Defines type of guarantee. Requests will be approving only by guarantee with this type.
 +# If returns null, then all guarantees will be used for approving (no limitations).
 +idm.sec.core.request.idm-role.approval.guarantee-type=
 </code> </code>
  
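Review bot: the new heading "==== Universal requests =====" is unbalanced (four `=` on the left, five on the right) and will not render as intended. In the guarantee comment, "Requests will be approving only by guarantee with this type" should be "Requests will be approved only by guarantees of this type", and "If returns null" should be "If empty", since a properties value cannot return anything. Because this property narrows who may approve role requests, list the accepted guarantee type values, or link to where they are defined, so that an administrator knows which values are valid before restricting approval.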
Line 685: Line 744:
  
 <code properties> <code properties>
-# Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used.+# Enable / disable check filter is properly registered, when filter is used (by entity and property name).  
 +# Throws exception, when unrecognized filter is used.
 idm.sec.core.filter.check.supported.enabled=true idm.sec.core.filter.check.supported.enabled=true
 +# Check count of values exceeded given maximum. 
 +# Related to database count of query parameters (e.g. Oracle = {@code 1000}, MSSql = {@code 2100}).
 +# Throws exception, when size is exceeded. Set to {@code -1} to disable this check.
 +idm.sec.core.filter.check.size.maximum=500
 </code> </code>
  
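Review bot: the comment on the new `idm.sec.core.filter.check.size.maximum` property, "Check count of values exceeded given maximum.", does not say what is being counted; suggest "Maximum number of values allowed in one filter parameter (e.g. a list of identifiers)." The `{@code ...}` Javadoc markup inside a properties comment is rendered literally; plain `1000`, `2100` and `-1` read better. The default of 500 sits below both database limits quoted, which is worth stating explicitly, as is the fact that `-1` removes the guard and leaves oversized filters to fail at the database instead.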
Line 784: Line 848:
  
 This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority). This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority).
 +
 +=== Two-factor authentication ===
 +
 +[[..:..:security:dev:security#two-factor_authentication|Two-factor authentication]] can be configured in the application profile (application.properties) with following properties:
 +
 +<code properties>
 +# Verification secret length
 +totp.secret.length=32
 +# Time Period ~ period to generate new authentication code
 +totp.time.period=30
 +# Time Discrepancy - number of past (but still valid) authentication codes (e.g. when code is sent by notification, then user could need more time to fill it into CzechIdM)
 +totp.time.discrepancy=1
 +
 +</code>
 +
 +=== CAS authentication filter ===
 +@since 10.9.0
 +[[..:..:security:dev:security#cas_authentication|CAS authentication]] can be configured with following properties:
 +<code properties>
 +# Enable authentication via CAS. If enabled, all properties below "Other properties" become mandatory and must be set for SSO authentication via CAS to work. Default: false
 +idm.pub.core.cas.sso.enabled=true
 +# Other properties
 +# Base URL where CAS is accessible. Syntax of this field is https://hostname-of-CAS/URI.
 +idm.pub.core.cas.url=
 +# Suffix which is, in effect, appended to idm.pub.core.cas.url. Resulting URL is used for login operation in CAS. It must start with slash (eg. /login).
 +idm.pub.core.cas.login-suffix=/login?service=
 +# Suffix which is appended to idm.pub.core.cas.url. Resulting URL is used for single sign-out operation. It must start with slash (eg. /logout).
 +idm.pub.core.cas.logout-suffix=/logout?service=
 +# URL of CzechIdM. This URL is used for redirect back after logout and also for ticket validation. Syntax of this field is https://hostname-of-CzechIdM/URI.
 +idm.pub.core.cas.idm-url=
 +# Header name in which CAS sends the ticket value.
 +idm.sec.core.cas.header-name=referer
 +# Path to CzechIdM for the HTTP Referer header used by CAS while redirecting back to application. This value is concatenated with CAS ticket to form Referer header. Syntax of this field is https://hostname-of-CzechIdM/URI/?ticket=.
 +idm.sec.core.cas.header-prefix=
 +</code>
  
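Review bot: in the CAS block the comment on `idm.pub.core.cas.sso.enabled` says "Default: false" while the example sets it to `true`; show the default in the example or mark the value as an illustration, since copying the block enables CAS SSO and makes all the "Other properties" mandatory, as the same comment states. In the TOTP block, `totp.secret.length` and `totp.time.period` do not give units (characters or bytes; seconds), and since `totp.time.discrepancy` is the number of past codes still accepted, the comment should say that raising it widens the window in which an already observed code remains valid. Formatting: the `@since 10.9.0` line and the `<code>` tag under "CAS authentication filter" lack the blank lines used in the other sections, and the TOTP code block has a stray empty line before `</code>`.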
 ==== Backup ==== ==== Backup ====
Line 790: Line 889:
  
 <code properties> <code properties>
-configuration property for default backup +Configuration property for backup files. 
 +# Configured attachment storage patrh ( see 'idm.sec.core.attachment.storagePath') is used as default.
 idm.sec.core.backups.default.folder.path=/tmp/backup idm.sec.core.backups.default.folder.path=/tmp/backup
 </code> </code>
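Review bot: the rewritten backup comments "Configuration property for backup files." and "# Configured attachment storage patrh ..." are inconsistent: the first is shown without the `#` prefix and the second has "patrh" for "path". The example value `/tmp/backup` should be labelled as an illustration; on typical Linux hosts `/tmp` is world-writable and may be cleared on reboot, so it is not a location to suggest for backup files, and the comment already points to the attachment storage path as the proper default.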
Line 830: Line 930:
  
 You can disable long polling for all types of entites with use value `false`. You can disable long polling for all types of entites with use value `false`.
 +
 +
  
 ==== Provisioning ==== ==== Provisioning ====
  • by chalupat